
FIX: add flag to control whether to check room claim in JWT validation

jibri queue component stop checking room validation in token
Jibri queue component debug output when bad token is found
master
Aaron van Meerten 4 years ago
parent
commit
d05fa32413

+ 11
- 7
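--- a/resources/prosody-plugins/mod_jibri_queue_component.lua
+++ b/resources/prosody-plugins/mod_jibri_queue_component.lua
@@ -62,8 +62,11 @@ token_util:set_asap_accepted_issuers(ASAPAcceptedIssuers);
 local ASAPAcceptedAudiences
     = module:get_option_array('asap_accepted_audiences',{'*'});
 
-    module:log("info", "ASAP Accepted Audiences %s", ASAPAcceptedAudiences);
-    token_util:set_asap_accepted_audiences(ASAPAcceptedAudiences);
+module:log("info", "ASAP Accepted Audiences %s", ASAPAcceptedAudiences);
+token_util:set_asap_accepted_audiences(ASAPAcceptedAudiences);
+
+-- do not require room to be set on tokens for jibri queue
+token_util:set_asap_require_room_claim(false);
 
 local ASAPTTL
     = module:get_option_number("asap_ttl", 3600);
@@ -410,14 +413,15 @@ function verify_token(token, room_jid, session)
     local verified, reason, message = token_util:process_and_verify_token(session);
     if not verified then
         log("warn", "not a valid token %s: %s", tostring(reason), tostring(message));
+        log("debug", "invalid token %s", token);
         return false;
     end
 
-    if not token_util:verify_room(session, room_jid) then
-        log("warn", "Token %s not allowed to access: %s",
-            tostring(token), tostring(room_jid));
-        return false;
-    end
+    -- if not token_util:verify_room(session, room_jid) then
+    --     log("warn", "Token %s not allowed to access: %s",
+    --         tostring(token), tostring(room_jid));
+    --     return false;
+    -- end
 
     return true;
 end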
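Review bot: The raw JWT ends up in the Prosody log on every failed verification, through the added `log("debug", "invalid token %s", token);` in verify_token. A token rejected by this component may still be accepted elsewhere (a different audience or issuer configuration, for instance), so the log file then holds a usable bearer credential; the warn line just above already records `reason` and `message`. I would drop the line, or log only non-secret context such as `tostring(room_jid)`. Separately, with the verify_room block commented out, `room_jid` no longer affects the result, so deleting the dead block and leaving a one-line comment such as `-- room binding intentionally not enforced for jibri queue tokens` would make the authorization decision explicit. The opening lines of verify_token are outside the hunk.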

+ 11
- 3
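--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -92,6 +92,8 @@ function Util.new(module)
     --array of accepted audiences: by default only includes our appId
     self.acceptedAudiences = module:get_option_array('asap_accepted_audiences',{'*'})
 
+    self.requireRoomClaim = module:get_option_boolean('asap_require_room_claim', true);
+
     if self.asapKeyServer and not have_async then
         module:log("error", "requires a version of Prosody with util.async");
         return nil;
@@ -112,6 +114,10 @@ function Util:set_asap_accepted_audiences(acceptedAudiences)
     self.acceptedAudiences = acceptedAudiences;
 end
 
+function Util:set_asap_require_room_claim(checkRoom)
+    self.requireRoomClaim = checkRoom;
+end
+
 --- Returns the public key by keyID
 -- @param keyId the key ID to request
 -- @return the public key (the content of requested resource) or nil
@@ -222,9 +228,11 @@ function Util:verify_token(token, secret)
         return nil, issCheckErr;
     end
 
-    local roomClaim = claims["room"];
-    if roomClaim == nil then
-        return nil, "'room' claim is missing";
+    if self.requireRoomClaim then
+        local roomClaim = claims["room"];
+        if roomClaim == nil then
+            return nil, "'room' claim is missing";
+        end
     end
 
     local audClaim = claims["aud"];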
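Review bot: `Util:set_asap_require_room_claim(checkRoom)` stores its argument unchecked, so a call that passes `nil` (an unset variable forwarded by a caller, for example) silently switches off the room-claim requirement in `Util:verify_token`. Because the flag relaxes a token check it should fail closed, e.g. `self.requireRoomClaim = checkRoom ~= false;`. The setter also lacks a doc comment, unlike the neighbouring `--- Returns the public key by keyID` block; `--- Sets whether verify_token rejects tokens that carry no 'room' claim (default true)` would state the contract. Code that reads the room value after verification is not visible in this section and presumably has to tolerate its absence when the flag is false; the bodies of Util.new and Util:verify_token extend beyond their hunks.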
